Add chkrootkit 0.30, a tool to locally check for signs of a rootkit.

PR: 26115 Submitted by: Luiz Eduardo R. Cordeiro
svn path=/head/; revision=40977
2025-01-13 07:34:50 +00:00 · 2001-04-07 00:48:49 +00:00 · 2001-04-07 00:48:49 +00:00 · dfa4561877 · 2021-03-31 03:12:20 +00:00
commit dfa4561877
parent a92e626ee1
6 changed files with 67 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -15,6 +15,7 @@
    SUBDIR += calife
    SUBDIR += cfs
    SUBDIR += checkpassword
+    SUBDIR += chkrootkit
    SUBDIR += chrootuid
    SUBDIR += cksfv
    SUBDIR += cops
--- a/security/chkrootkit/Makefile
+++ b/security/chkrootkit/Makefile
@ -0,0 +1,37 @@
+# Ports collection makefile for:	chkrootkit
+# Date created:				13 Mar 2001
+# Whom:					Luiz Eduardo R. Cordeiro
+#
+# $FreeBSD$
+#
+
+PORTNAME=	chkrootkit
+PORTVERSION=	0.30
+CATEGORIES=	security
+MASTER_SITES=	ftp://ftp.pangeia.com.br/pub/seg/pac/
+DISTNAME=	${PORTNAME}
+
+MAINTAINER=	cordeiro@iqm.unicamp.br
+
+WRKSRC=		${WRKDIR}/${PORTNAME}-${PORTVERSION}
+ALL_TARGET=	chkrootkit chklastlog chkwtmp ifpromisc
+
+pre-patch:
+	@${MV} ${WRKSRC}/Makefile ${WRKSRC}/Makefile.orig
+	@${SED} -e "s/^CC/#CC/g" -e "s/^CFLAGS/#CFLAGS/g" \
+		${WRKSRC}/Makefile.orig > ${WRKSRC}/Makefile
+	@${MV} ${WRKSRC}/chkrootkit ${WRKSRC}/chkrootkit.orig
+	@${SED} -e 's#\./chklastlog#${PREFIX}/sbin/chklastlog#' \
+		-e 's#\./chkwtmp#${PREFIX}/sbin/chkwtmp#' \
+		-e 's#\./ifpromisc#${PREFIX}/sbin/ifpromisc#' \
+		${WRKSRC}/chkrootkit.orig > ${WRKSRC}/chkrootkit
+do-install:
+	${INSTALL_SCRIPT}  ${WRKSRC}/chkrootkit ${PREFIX}/sbin
+	${INSTALL_PROGRAM} ${WRKSRC}/chklastlog ${PREFIX}/sbin
+	${INSTALL_PROGRAM} ${WRKSRC}/chkwtmp    ${PREFIX}/sbin
+	${INSTALL_PROGRAM} ${WRKSRC}/ifpromisc  ${PREFIX}/sbin
+	@${MKDIR} ${PREFIX}/share/doc/chkrootkit
+	${CP} -R ${WRKSRC}/COPY*   ${PREFIX}/share/doc/chkrootkit
+	${CP} -R ${WRKSRC}/README* ${PREFIX}/share/doc/chkrootkit
+
+.include <bsd.port.mk>
--- a/security/chkrootkit/distinfo
+++ b/security/chkrootkit/distinfo
@ -0,0 +1 @@
+MD5 (chkrootkit.tar.gz) = 2f1c9ec3c3bf62d50c70e25a52ddc1d7
--- a/security/chkrootkit/pkg-comment
+++ b/security/chkrootkit/pkg-comment
@ -0,0 +1 @@
+A tool to locally check for signs of a rootkit
--- a/security/chkrootkit/pkg-descr
+++ b/security/chkrootkit/pkg-descr
@ -0,0 +1,18 @@
+Chkrootkit is a tool to locally check for signs of a rootkit.  It
+contains:
+ 
+ * chkrootkit: a shell script that checks system binaries for
+   rootkit modification.
+ * ifpromisc.c: checks if the network interface is in promiscuous
+   mode.
+ * chklastlog.c: checks for lastlog deletions.
+ * chkwtmp.c: checks for wtmp deletions.
+ 
+The following rootkits and worms are currently detected: Solaris
+rootkit, FreeBSD rootkit, lrk3, lrk4, lrk5, lrk6, t0rn, some lrk
+variants, Ambient's Rootkit for Linux (ARK), Ramen Worm,
+rh[67]-shaper, RSHA and Romanian rootkit.
+ 
+Nelson Murilo <nelson@pangeia.com.br>
+
+WWW: http://www.chkrootkit.org.br
--- a/security/chkrootkit/pkg-plist
+++ b/security/chkrootkit/pkg-plist
@ -0,0 +1,9 @@
+sbin/chkrootkit
+sbin/chklastlog
+sbin/chkwtmp
+sbin/ifpromisc
+share/doc/chkrootkit/COPYRIGHT
+share/doc/chkrootkit/README
+share/doc/chkrootkit/README.chklastlog
+share/doc/chkrootkit/README.chkwtmp
+@dirrm share/doc/chkrootkit
				`@ -0,0 +1 @@`
				`MD5 (chkrootkit.tar.gz) = 2f1c9ec3c3bf62d50c70e25a52ddc1d7`
				`@ -0,0 +1 @@`
				`A tool to locally check for signs of a rootkit`